From cc95f5c16ea9e8ff39d680384ff1b467545dd9a0 Mon Sep 17 00:00:00 2001
From: Phil Rzewski <phil@brimdata.io>
Date: Mon, 16 Oct 2023 13:23:53 -0700
Subject: [PATCH 1/3] Filter out Suricata rules when assembling zdeps on
 Windows (#2858)

---
 apps/zui/scripts/download-zdeps/index.js | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/apps/zui/scripts/download-zdeps/index.js b/apps/zui/scripts/download-zdeps/index.js
index bfe48ffdcd..fb0577f7b3 100644
--- a/apps/zui/scripts/download-zdeps/index.js
+++ b/apps/zui/scripts/download-zdeps/index.js
@@ -111,11 +111,24 @@ async function zedDevBuild(destPath) {
   }
 }
 
+// Suricata rules are dropped from the Windows build to fix a false positive
+// malware flagging. See https://github.com/brimdata/zui/issues/2857.
+const filterBrimcapZdeps = (src, dest) => {
+  if (process.platform == "win32" &&
+      (/suricata\.rules$/.test(src) || /emerging\.rules\.tar\.gz$/.test(src)) &&
+      fs.statSync(src).isFile()) {
+    return false
+  } else {
+    return true
+  }
+}
+
 async function main() {
   try {
     fs.copySync(
       path.resolve("..", "..", "node_modules", "brimcap", "build", "dist"),
-      zdepsPath
+      zdepsPath,
+      { filter: filterBrimcapZdeps }
     )
     const brimcapVersion = child_process
       .execSync(path.join(zdepsPath, "brimcap") + " -version")

From 19ac619b782bfb3370010680934266d899473d4d Mon Sep 17 00:00:00 2001
From: Phil Rzewski <phil@brimdata.io>
Date: Mon, 16 Oct 2023 13:52:18 -0700
Subject: [PATCH 2/3] Set version in package.json to 1.3.1

---
 apps/zui/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/zui/package.json b/apps/zui/package.json
index 03e5c2367e..36f2f65873 100644
--- a/apps/zui/package.json
+++ b/apps/zui/package.json
@@ -5,7 +5,7 @@
   "description": "Zed User Interface",
   "repository": "https://github.com/brimdata/zui",
   "license": "BSD-3-Clause",
-  "version": "1.3.0",
+  "version": "1.3.1",
   "main": "dist/main.js",
   "author": "Brim Data <support@brimdata.io> (http://www.brimdata.io)",
   "lake": {

From 09f9154046b8c011c09de06e3bdc38a9690d4ad9 Mon Sep 17 00:00:00 2001
From: Phil Rzewski <phil@brimdata.io>
Date: Mon, 16 Oct 2023 14:03:17 -0700
Subject: [PATCH 3/3] Update changelog for v1.3.1

---
 apps/zui/CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/apps/zui/CHANGELOG.md b/apps/zui/CHANGELOG.md
index 0d663d6106..f117418763 100644
--- a/apps/zui/CHANGELOG.md
+++ b/apps/zui/CHANGELOG.md
@@ -1,3 +1,6 @@
+## v1.3.1
+- Due to malware false positives, Windows releases no longer include a full initial set of Suricata rules (as always, up-to-date rules will be downloaded on first Internet-connected launch of Zui) (#2858)
+
 ## v1.3.0
 - Update Zed to [v1.10.0](https://github.com/brimdata/zed/releases/tag/v1.10.0)
 - Update Brimcap to [v1.5.2](https://github.com/brimdata/brimcap/releases/tag/v1.5.2)